LeicaMan123 0 Posted August 4, 2014 Share Posted August 4, 2014 Before I start to upload to Evernote all my credit card statements and other personal and confidential information, I would like to know how secure Evernote really is. Are Evernote employees able to view my notes? Or are they encrypted? What if hackers attack Evernote? Can they steal my notes? Has anyone else here uploaded confidential data to Evernote and if so then how do you feel about it? I am not worried about someone hacking into my own personal Evernote account as I have a strong password and have enabled two step authentication so that I get a text message with a code each time I access it from a new device. Thanks. Link to comment
BurgersNFries 2,407 Posted August 4, 2014 Share Posted August 4, 2014 Before I start to upload to Evernote all my credit card statements and other personal and confidential information, I would like to know how secure Evernote really is. Are Evernote employees able to view my notes? Or are they encrypted? What if hackers attack Evernote? Can they steal my notes? Has anyone else here uploaded confidential data to Evernote and if so then how do you feel about it? I am not worried about someone hacking into my own personal Evernote account as I have a strong password and have enabled two step authentication so that I get a text message with a code each time I access it from a new device. Thanks. The search function is your friend. There are already a lot of threads on these topics. In a nutshell, if you don't want anyone else to see it, don't put it into Evernote unless it's encrypted or in a local/non-sync'd notebook. Again, if you need help on these topics, please search the board first. There is a wealth of information here. Link to comment
ScottLougheed 1,316 Posted August 4, 2014 Share Posted August 4, 2014 Evernote's security is pretty well in line with most cloud service, so you should just treat it as such. What that means to you depends a great deal on your feelings and the type of content you are putting in. And remember, every single cloud service no matter what is vulnerable to hackers. Every single one. Every one. Link to comment
LeicaMan123 0 Posted August 4, 2014 Author Share Posted August 4, 2014 Thanks for the replies. While I have full respect for all Evernote employees, it is very bad news that they are able to read all my notes. I have another question. Recently I purchased a Livescribe Wifi pen and in order to use that I had to authorize Livescribe full access to my Evernote account. So now do the employees of Livescribe also have access to my Evernote notes? And only yesterday I downloaded two apps on my iPad - Bamboo Paper and Moleskine Journal. Both of these apps want access to my Evernote account too. So then will employees of all these four companies be able to read my private stuff??? This is not what I had hoped for... It is one thing for the FBI to read it (fair enough I suppose) but to have all these other people too? Link to comment
ScottLougheed 1,316 Posted August 4, 2014 Share Posted August 4, 2014 Well, first of all, who is your email provider? Do you send private or personal information over email? If so, your email provider can read your emails if they so chose (indeed this applies to pretty much all mail providers). Evernote, Dropbox, Google, Microsoft live, it's is all the exact same situation. If you are I killing to grant this trust to your email provider, are any of these other companies less deserving of your trust?The key words here are "potentially" and "choose". Any cloud service that does not user zero-knowledge encryption can potentially access the files you store there, if they chose to. This is the case for almost all cloud service providers and email providers. You have to trust that they have proper security procedures in place, that as few employees as possible have potential access to user data (for many cloud service providers, only a couple of personnel actually even have the capability to do this, at least at the good companies), and that the companies and those people choose NOT to access those data. This is a game of trust.As for third-party authorization, this is a different set of things entirely. 1) you are explicitly asked permission, so you can say no.2) Evernote gives you the ability to revoke permission given at any time in your account settings. You can revoke Bamboo's access any time you want.3) your notes are still only ever stored by Evernote. Wacom's application or Moleskin are reading the information off Evernote's servers. You need to give them permission to do this to allow those applications to function, which makes sense. But this does not explicitly grant Wacom or moleskin, the companies, access. You have not transmitted your data to those company's servers, they still reside entirely and solely on Evernote's servers (and in the local cache of whatever device you are using). So no, it is not the case that moleskin and Wacom are sitting there reading your Evernote content, nor are they capable of doing so. The Evernote API (that is how third parties tie into Evernote, through the Application Programming Interface) limits that sort of thing to protect users.Storing content on someone else's servers is always a trust thing. Unless you have zero-knowledge encryption, which is rare for cloud services (CrashPlan and Spider Oak are exceptions), your choices are to 1) cross your fingers and hope the staff at the cloud service have something better to do than sit in the lunch room looking at their users data (which they are likely unable to access anyway). 2) stop using email, and use only cloud services with zero-knowledge enryption.The second option is really all but impossible at this point in time... Link to comment
Level 5* GrumpyMonkey 4,320 Posted August 5, 2014 Level 5* Share Posted August 5, 2014 I think that Scott has covered all of the bases, except for #3. I am not aware of anything in the Evernote API that would prevent a company from trolling through your notes. If you grant them access to one thing, they get access to it all, and there is no way for you to know what they have or have not seen. Heck, they could even be mirroring your account on their home computers in real time for all we know. That is why you want to be careful who you give access to. How do you know who to trust? Good question. This problem isn't unique to Evernote, of course. Users of Dropbox know that employees can freely read through all of your stuff, and granting access to any app means that everything is up for grabs, so you never assume that anything in the cloud is secure unless it is at least encrypted. You can encrypt things before uploading them and Evernote offers you the ability to encrypt blocks of text. Even then, we know that the NSA and others can probably read it. As Scott said, you'll want to decide what level of potential privacy invasions you are willing to risk with your data. If the answer to the last question is 0, then you are probably a good candidate for Evernote's local notebooks or another service that encrypts its databases / doesn't rely on the cloud. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.